update: libgcrypt #1388

dongsupark · 2024-03-07T07:45:37Z

Name: libgcrypt
CVEs: CVE-2024-2236
CVSSs: 5.9
Action Needed: TBD

Summary: A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

See also https://bugzilla.redhat.com/show_bug.cgi?id=2268268.

refmap.gentoo: TBD

dongsupark · 2024-09-03T12:24:36Z

It has not been fixed in upstream libgcrypto, due to disagreements on how the fix should be implemented. See also this.

dongsupark added security security concerns advisory security advisory labels Mar 7, 2024

github-actions bot mentioned this issue Mar 22, 2024

Monthly contributions report 2024-02-22 - 2024-03-21 #1398

Closed

dongsupark added the cvss/MEDIUM >= 4 && < 7 assessed CVSS label Mar 25, 2024

github-actions bot mentioned this issue Apr 22, 2024

Monthly contributions report 2024-03-22 - 2024-04-21 #1435

Closed

github-actions bot mentioned this issue May 22, 2024

Monthly contributions report 2024-04-22 - 2024-05-21 #1451

Closed

github-actions bot mentioned this issue Jun 22, 2024

Monthly contributions report 2024-05-22 - 2024-06-21 #1477

Closed

github-actions bot mentioned this issue Jul 22, 2024

Monthly contributions report 2024-06-22 - 2024-07-21 #1497

Closed

github-actions bot mentioned this issue Aug 22, 2024

Monthly contributions report 2024-07-22 - 2024-08-21 #1519

Open

dongsupark added the advisory/upstream-blocked blocked by upstream projects label Sep 3, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

update: libgcrypt #1388

update: libgcrypt #1388

dongsupark commented Mar 7, 2024 •

edited

Loading

dongsupark commented Sep 3, 2024

update: libgcrypt #1388

update: libgcrypt #1388

Comments

dongsupark commented Mar 7, 2024 • edited Loading

dongsupark commented Sep 3, 2024

dongsupark commented Mar 7, 2024 •

edited

Loading